RE: ISA server and secure VPN clients

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 22 Oct 2004 08:11:20 -0500

Hi Mike,

Also, have you tested the strong user/group based access control, EAP
client certificate auth, and stateful application layer filtering for
VPN remote access client connections? 

HTH, 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Michael Bertelsen [mailto:mbe@xxxxxxxxxxxxx] 
Sent: Friday, October 22, 2004 8:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA server and secure VPN clients


Hi

Up until the release of ISA Server 2004, the use of Microsoft VPN clients
was thought of as only being semi-secure, since you have no way of
blocking the use of split tunneling.
From the client, you were always able to access the local LAN as well as
any subnet entered into the routing table, when the VPN tunnel was
active.

With VPN Quarantining for RRAS on Windows Server 2003 you were able to
test several things on the client before establishing the tunnel, but
as soon as the VPN tunnel was established you could easily change the
routing table, and thereby effectively use split tunneling.

Also, using RRAS policies you can severely lock down the VPN tunnel
itself.

Does anybody know if this problem has been solved with the release of
ISA Server 2004?
I have a hard time seeing how a secure ISA VPN gateway can rectify the
insecure VPN client.
The only thing I see as a possible solution is if i.e. Windows XP SP2
supports an advanced setup, and you set a Quarantine policy to only allow
clients running Windows XP SP2.

I look forward to your thoughts on this!

Mike
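
Added example, not part of the original thread: a client-side check that lists routes bypassing the tunnel and shows why a one-time quarantine check misses a route added after connect. All addresses, the route tuples and the function names are constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample data. Assumed addresses: 10.8.0.5 is the VPN adapter,
# 192.168.1.20 the physical NIC, 203.0.113.10 the VPN gateway's public address.
VPN_IF, VPN_SERVER = "10.8.0.5", "203.0.113.10"

# (destination, gateway, interface) as seen when the quarantine check ran.
AT_CHECK = [
    ("0.0.0.0/0", "10.8.0.1", VPN_IF),                    # default via tunnel
    ("10.8.0.0/24", "10.8.0.5", VPN_IF),                  # tunnel subnet
    ("203.0.113.10/32", "192.168.1.1", "192.168.1.20"),   # carries the tunnel
    ("192.168.1.0/24", "192.168.1.20", "192.168.1.20"),   # local LAN, on-link
    ("127.0.0.0/8", "127.0.0.1", "127.0.0.1"),            # loopback
]
# Same client later: a subnet was added to the routing table after connect.
AFTER_CONNECT = AT_CHECK + [("172.16.0.0/16", "192.168.1.1", "192.168.1.20")]


def bypass_routes(routes, vpn_if, vpn_server):
    """Return destinations that are reachable without going through the tunnel."""
    server = ipaddress.ip_address(vpn_server)
    found = []
    for dest, _gateway, iface in routes:
        net = ipaddress.ip_network(dest)
        if iface == vpn_if:
            continue  # traffic for this destination enters the tunnel
        if net.is_loopback or net.is_link_local or net.is_multicast:
            continue  # ignored here: not routed unicast subnets
        if net.prefixlen == net.max_prefixlen and net.network_address == server:
            continue  # host route the tunnel itself needs
        found.append(dest)
    return found


def routes_added_since(baseline, current):
    """Return routes present now that were absent at the baseline snapshot."""
    seen = set(baseline)
    return [r for r in current if r not in seen]


if __name__ == "__main__":
    print("bypass at check:     ", bypass_routes(AT_CHECK, VPN_IF, VPN_SERVER))
    print("bypass after connect:", bypass_routes(AFTER_CONNECT, VPN_IF, VPN_SERVER))
    print("added since check:   ", routes_added_since(AT_CHECK, AFTER_CONNECT))
```

Comparing a snapshot taken at check time with a later one is what surfaces the post-connect change; the local LAN route shows up in both.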
